The Retro-Virus

Nowadays we see lots of malicious software that is designed to steal money and information. A new virus was recently discovered that seems to be all about proving a concept rather than blatant maliciousness.

The Win32/Induc.A virus does not infect like most viruses do. Delphi is a programming language. Induc infected the Delphi IDE so that when the programmers compile their programs the programs are already infected.

As far as we are able to determine at this time, this virus went undetected since April 2009. Most of the samples of infected files we have seen are other trojans, mainly those that steal bank information. So, we detected the Trojan, but didn’t know that it was also infected.

For the average user the virus is essentially harmless. The problem is that some software development companies use Delphi, got infected, and when we added detection for Win32/Induc.A their programs were detected. Some of these companies accused ESET of having false positives when their programs were actually infected!

In reviewing our internal malware collections our researchers have found over 4,000 infected samples. Our Threatsense.Net network has identified over 30,000 unique infected samples in the first 24 hours after we added detection.